setcap on Node.js prevents processing of NODE_OPTIONS

[connor4312]

• Version: v15.11.0
• Platform: Linux connor-Virtual-Machine 5.4.0-66-generic
• Subsystem: unknown

What steps will reproduce the bug?

1. sudo setcap cap_net_admin+iep $(which node)
2. Attempt to use anything in the NODE_OPTIONS environment variable
3. Nothing happens

How often does it reproduce? Is there a required condition?

100% of the time

What is the expected behavior?

I would expect NODE_OPTIONS to be processed regardless.

What do you see instead?

Additional information

Reported on microsoft/vscode-js-debug#852

[addaleax]

I think @danbev's #37727 might address this.

[drazisil]

When did this behavior break? It doesn't look like the code changed. Is this a change in kernel security?

[Busyrev]

Reproduced on 17.3.0. Its very important for debugging sсripts that using Bluetooth and GPIO. Please fix it.

[lesmo]

Just wanted to share this is also happening for node v14 under Linux. The annoying part is it took me hours to land at this conclusion.

The only workaround seems to be NOT using setcap... some alternatives include just using any other port not requiring elevated privileges, some iptables stuff or running with authbind instead (but I havent tried it).